sysklogd HACK
Here is info I found on the redhat.com system about the sysklogd Hack. Is
anyone working on a fix for this?
Thanks,
Ken Rea
----------------------------------------------------------------------
Package: Sysklogd
Updated: 01-Apr-1999
Problem:
(01-Apr-1999):Security Fix
An overflow in the parsing code could lead to crashes of the system
logger.
Red Hat would like to thank the members of the BUGTRAQ mailing list,
the members of the Linux Security Audit team,
and others. All users of Red Hat Linux are encouraged to upgrade to
the new packages immediately. As always, these
packages have been signed with the Red Hat PGP key.
(17-Nov-1998):Security Fix
A buffer overflow has been identified in all versions of the sysklogd
packages shipped with Red Hat Linux. As the time
of this post there are no known exploits for this security
vulnerability.
Red Hat would like to thank Michal Zalewski (lcamtuf@IDS.PL) and the
members of the Bugtraq mailing list for
discovering this problem and providing a fix.
Users of Red Hat Linux are recommended to upgrade to the new packages
available under updates directory on our ftp
site:
Solution:
Intel: Upgrade to:
rpm -Uvh
ftp://updates.redhat.com/5.2/i386/sysklogd-1.3.31-0.5.i386.rpm
Alpha: Upgrade to:
rpm -Uvh
ftp://updates.redhat.com/5.2/alpha/sysklogd-1.3.31-0.5.alpha.rpm
Sparc: Upgrade to:
rpm -Uvh
ftp://updates.redhat.com/5.2/sparc/sysklogd-1.3.31-0.5.sparc.rpm
Reply to: